6 matches found
BIT-VAULT-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9...
CVE-2022-25243
A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote, authenticated attacker to bypass security restrictions caused by a flaw related to the PKI secrets engine under certain configurations. An attacker can issue wildcard certificates to authorized users for a...
CVE-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9...
Design/Logic Flaw
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9...
CVE-2022-25243
CVE-2022-25243 affects HashiCorp Vault and Vault Enterprise: PKI secrets engine could issue wildcard certificates to authorized users under certain configurations, even when allow_subdomains is false. Impacted are Vault and Vault Enterprise versions 1.8.0–1.8.8 and 1.9.3. Root cause: PKI configur...
CVE-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9...